16 Aug Transport Layer Security
For as long as people have been communicating, there has been a need for two parties to conduct their communications securely. Pulling someone aside and whispering in their ear is a form of “secure communication,” although to what degree the conversation is “secure” is up to interpretation. Someone with good hearing, or standing just a little too close, would be enough to break the security of the conversation (never mind lip readers!).
Computer communication is no different from spoken communication. In the early days of the Internet, much of the talking done between computers was effectively in plaintext. It was almost trivial for eavesdroppers to “listen in” on electronic communication and make a copy of what was being said.
To combat the various ways in which important information is compromised, the methods we use to obscure our communications have become more and more sophisticated: from conversations in a separate room, to Caesar ciphers, one-time pads, and all the way to our modern mathematical cryptography.
It is this mathematical cryptography that is at the heart of all secure communications that take place over the Internet, implemented as a set of protocols collectively called Transport Layer Security (TLS).
Transport Layer Security
Transport Layer Security, or TLS, is a set of cryptographic protocols that ensures that communication between two computers on the Internet is private, authentic, and reliable. The methods that TLS uses to achieve this are:
- Private: TLS employs symmetric cryptography to ensure that the data stream between the two computers is encrypted. All steps of establishing this encrypted connection are also hidden from possible eavesdroppers, including the establishment of cryptographic keys and the encryption algorithm to be used.
- Authentic: TLS allows the communicating parties to authenticate themselves, usually through a certificate offered by the server.
- Reliable: TLS-based communications include an integrity check, so if parts of a message are tampered with en route, the protocol can detect the tampering and reject those parts.
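To make the “Reliable” property concrete, here is an added example (not code from the original post or from Alpha Hosting) of the kind of per-record integrity check TLS 1.2 applies: an HMAC computed over the record's sequence number and its payload. The key and the two records are constructed for the demo; in TLS the MAC key would be derived during the handshake. Because the sequence number is part of the MAC input, the receiver rejects not only a modified record but also a genuine record replayed or delivered out of order.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA256

# Constructed demo key. In TLS this would be derived from the handshake's master secret.
DEMO_MAC_KEY = b"constructed-demo-mac-key-not-from-a-real-handshake"


def record_tag(key: bytes, seq_num: int, content: bytes) -> bytes:
    """HMAC-SHA256 over (64-bit sequence number || payload).

    TLS 1.2 CBC cipher suites MAC the sequence number together with the record
    header and fragment, which binds each record to its position in the stream.
    """
    return hmac.new(key, struct.pack("!Q", seq_num) + content, hashlib.sha256).digest()


def protect(key: bytes, seq_num: int, content: bytes) -> bytes:
    """Sender side: append the integrity tag to the payload."""
    return content + record_tag(key, seq_num, content)


def verify(key: bytes, expected_seq: int, record: bytes):
    """Receiver side: return the payload if the tag matches, otherwise None.

    compare_digest is constant-time, so the comparison itself leaks no timing
    information about how many tag bytes matched.
    """
    if len(record) < TAG_LEN:
        return None
    content, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, record_tag(key, expected_seq, content)):
        return None
    return content


def demo() -> dict:
    """Run three checks: an intact record, a tampered record, and a replayed record."""
    messages = [b"GET /cart", b"amount=100"]  # constructed sample payloads
    records = [protect(DEMO_MAC_KEY, i, m) for i, m in enumerate(messages)]

    # 1. Untouched record at the expected position verifies.
    valid = verify(DEMO_MAC_KEY, 1, records[1]) == b"amount=100"

    # 2. An attacker flips one bit in the payload ("amount=100" -> "amount=900").
    tampered = bytearray(records[1])
    tampered[7] ^= 0x08
    tampered_rejected = verify(DEMO_MAC_KEY, 1, bytes(tampered)) is None

    # 3. A genuine record is replayed where record 0 was expected.
    replay_rejected = verify(DEMO_MAC_KEY, 0, records[1]) is None

    return {
        "valid": valid,
        "tampered_rejected": tampered_rejected,
        "replay_rejected": replay_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

Modern TLS 1.2 and TLS 1.3 deployments usually use AEAD ciphers (such as AES-GCM) that fold this integrity check into the encryption step, but the effect the post describes is the same: a record that has been altered or moved in transit fails verification and the connection is torn down.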
Currently, TLS has four major revisions that are supported by most web servers and browsers: TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3. Of these, TLS 1.0 is understood to be deprecated; there are known attacks against the protocol and this version of TLS should not be used in production. TLS 1.3 is not yet an Internet Standard, although web servers and browsers are being updated to use the protocol before standardization. TLS 1.1 and TLS 1.2 are the most commonly used protocol versions, and all Alpha Hosting servers are configured to use TLS 1.2 when available.
Making sure that the communication between the client and your server, or from your server to your payment gateway, is protected by TLS is critical for any e-commerce presence on the Internet. If your online store is accepting orders and payment information without using TLS, then your customers’ private information is within reach of any eavesdroppers on the Information Superhighway!
But how can you be sure that your store is using TLS for its communications? The easiest way is to add an SSL certificate to your store (SSL being the predecessor to TLS) and make sure your store can communicate over the HTTPS protocol. If so, then your domain/store is using TLS to secure its communication with the Internet. Alpha Hosting offers many different SSL certificates for your domain, found here. For more information on types of SSL certificates and TLS, see our blog post from earlier this year. If you have questions about which SSL certificate is right for you, or are ready to order, please contact our Sales Team by opening a ticket.